1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

127003 Commits

Author SHA1 Message Date
Stefan Metzmacher
289b7a1595 s3:libsmb: close the temporary IPC$ connection in cli_full_connection()
We don't need the temporary IPC$ connection used for the
SMB1 UNIX CIFS extensions encryption setup anymore,
so we can also let the server close it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 11 23:03:11 UTC 2021 on sn-devel-184
2021-08-11 23:03:11 +00:00
Stefan Metzmacher
21302649c4 s3:libsmb: start encryption as soon as possible after the session setup
For the SMB1 UNIX CIFS extensions we create a temporary IPC$ tcon,
if there's no tcon yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-11 22:12:32 +00:00
Jeremy Allison
c013509680 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle.
Remove knownfails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
RN: smbd panic on force-close share during offload write

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 11 20:02:57 UTC 2021 on sn-devel-184
2021-08-11 20:02:57 +00:00
Jeremy Allison
7e7ea761a3 s4: torture: Add test for smb2.ioctl.bug14769.
Add knownfails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-08-11 19:16:29 +00:00
Jeremy Allison
c551d33c6b s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
Now all we need is the client-side test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-08-11 19:16:29 +00:00
Jeremy Allison
0f4a8d2688 s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code.
Commented out as not yet called.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-08-11 19:16:29 +00:00
Jeremy Allison
62cd95096a s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
Prepare for async FSCTL tests on an fsp.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-08-11 19:16:29 +00:00
Jeremy Allison
6b6770c2ba s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file.
We will be adding async supporting code to this, and we don't want to
clutter up smb2_ioctl.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-08-11 19:16:29 +00:00
Ralph Boehme
4354823c51 libreplace: properly execute SYS_copy_file_range check
It seems some systems (like Centos 7) have the SYS_copy_file_range define but
fail the syscall when actually being called. The current configure check is only
compiled, not run so erroneously reports a working SYS_copy_file_range.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14786
RN: Insufficient libreplace check for SYS_copy_file_range check

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 10 19:37:14 UTC 2021 on sn-devel-184
2021-08-10 19:37:14 +00:00
Ralph Boehme
22a58a5184 libreplace: properly give headers to conf.CHECK_CODE when checking for copy_file_range_syscall
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14786

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-10 18:44:30 +00:00
Ralph Boehme
45a33b25c4 s3/rpc_server: track the number of policy handles with a talloc destructor
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
RN: smbd "deadtime" parameter doesn't work anymore

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184
2021-08-10 18:41:43 +00:00
Ralph Boehme
39db53a139 selftest: add a test for the "deadtime" parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-10 17:50:32 +00:00
Volker Lendecke
62f206a249 smbd: Simplify mark_share_mode_disconnected()
We can use reset_share_mode_entry() for this purpose. 32 lines less
code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug  6 18:09:06 UTC 2021 on sn-devel-184
2021-08-06 18:09:06 +00:00
Volker Lendecke
9e8f7910b2 smbd: Fix fetch_share_mode_send() error return
The "return" is unnecessary here, but in case the code changes later
on, it won't be forgotten. Also, we need to tell the callers that we
found an invalid record.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
a1cbb8bc44 net: Use dbwrap_do_locked() in wipedbs_delete_records()
Eventually I'd like to get rid of dbwrap_fetch_locked()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
1881240d46 libsmbclient: Avoid a call to SMBC_errno() in SMBC_notify_ctx()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
009b6e748e libsmbclient: Avoid a call to SMBC_errno() in SMBC_attr_server()
I think this also fixes the errno return, cli_shutdown() can do a lot and set
errno in between.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
4bd69f1e1a libsmbclient: Avoid a call to SMBC_errno() in SMBC_splice_ctx()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
19df9a2edf libsmbclient: Avoid a call to SMBC_errno() in SMBC_read_ctx()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
5e98b7dfc0 libsmbclient: Avoid a call to SMBC_errno() in SMBC_open_ctx()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
7c2b6a71dc libsmbclient: Avoid a call to SMBC_errno() in SMBC_chmod_ctx()
Directly use the return value from cli_setatr(), don't go via the cli_state
struct member

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
e80d390b4b lib: Use TALLOC_FREE() in data_blob_free()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
cac5e8287a rpc_client: Avoid two casts with proper printf specifiers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
cf8601e785 rpc_client: Save 65 .text bytes with -Os
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
c8768551fb rpc_client: Simplify create_rpc_bind_req()
In former times this switch statement had more than one branch

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
f6c9e2800e rpc_client: Replace ZERO_STRUCTP with struct assignment
Give the compiler simpler hints

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
dbb1047e47 rpc_client: Simplify rpc_pipe_bind_step_one_done()
With just one case handled specially in a switch statement and the
rest being default:, a simple if-statement can reduce indentation.

Best viewed with "git show -b".

I wonder if the second "if (pauth->auth_type == DCERPC_AUTH_TYPE_NONE)"
leads to reachable code, this should have been taken care of already
further up. But for now I did the 1:1 translation of existing code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
5cb5fadce4 libnetapi: Save lines with any_nt_status_not_ok()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
de1b95791c net: Align some integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
3eaa2bcb89 net3: Simplify name_to_sid(): dom_sid_parse checks for "S-" prefix
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
4a99fe42e6 net3: Save a few lines with any_nt_status_not_ok()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
d2a08f5d67 samdb: Fix an uninitialized variable read
When the "(status == LDB_SUCCESS && msg != NULL)" condition in this
routine is not evaluating to true, "new_rid" is read uninitialized,
comparing it against ~0. Initialize new_rid and compare it against
UINT32_MAX instead of ~0.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
621f561a9c lib;smbd: Fix the -Os build by initializing variables
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
fa8c0379b5 lib: Fix a potential error path memleak
Don't directly overwrite the pointer for a realloc. On failure, the
original pointer is still valid.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
Volker Lendecke
e52ce697d9 rpcclient: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-06 17:22:30 +00:00
David Gajewski
069d23f0a7 s3: VFS: solarisacl: Fix compile error (missed variable rename).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14773

Signed-off-by: David Gajewski <dgajews@math.utoledo.edu>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug  6 17:19:57 UTC 2021 on sn-devel-184
2021-08-06 17:19:57 +00:00
Andrew Bartlett
7e6b818fea ktutil: Print the numeric enctype if krb5_enctype_to_string() fails
Sadly krb5_enctype_to_string() fails when des-cbc-crc encyrption
type is removed, leaving a failure the operate rather than
falling back to anything useful.

So fall back to printing 3 in the absense of anything more
useful.  A future fix could be to hard-code this mapping
in the smb_krb5_enctype_to_string() wrapper.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug  6 05:53:44 UTC 2021 on sn-devel-184
2021-08-06 05:53:44 +00:00
Volker Lendecke
4d44db0208 docs: Add vfs_expand_msdfs manpage
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12707

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug  5 18:09:11 UTC 2021 on sn-devel-184
2021-08-05 18:09:11 +00:00
Andreas Schneider
104fc35390 mit-samba: Only set the function opening bracket once
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug  5 10:33:18 UTC 2021 on sn-devel-184
2021-08-05 10:33:18 +00:00
Andreas Schneider
60159e0385 mit-samba: Use talloc_get_type_abort() instead of casting
This is safer to use and fixes compiler warnings.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-08-05 09:46:30 +00:00
Andreas Schneider
dd8138236b mit-samba: Send the logging to the kdc log facility
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-08-05 09:46:30 +00:00
Andreas Schneider
41d906301b mit-samba: Define debug class for kdb module
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-08-05 09:46:30 +00:00
Jeremy Allison
4f093ae6c9 s3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case.
Same as the fix for glusterfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14766

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug  5 06:15:14 UTC 2021 on sn-devel-184
2021-08-05 06:15:14 +00:00
Andreas Schneider
000f389d09 gitlab: Use shorter names for Samba AD DC env with MIT KRB5
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug  3 20:35:49 UTC 2021 on sn-devel-184
2021-08-03 20:35:49 +00:00
Andreas Schneider
aab5cc95e2 s3:winbindd: Add a check for the path length of 'winbindd socket directory'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-08-03 19:44:31 +00:00
Andreas Schneider
e2962b4262 configure: Do not put arguments into double quotes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14777

This could create an issue that arguments don't get split by python and then the
following could happen:

    ./configure --libdir=/usr/lib64 --enable-clangdb

    LIBDIR='/usr/lib64 --enable-clangdb'

This ends then up in parameters.all.xml:

    <!ENTITY pathconfig.LIBDIR   '/usr/lib64 --enable-clangdb'>

The python parser then errors out:

    xml.etree.ElementTree.ParseError: not well-formed (invalid token)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug  3 18:36:37 UTC 2021 on sn-devel-184
2021-08-03 18:36:37 +00:00
Stefan Metzmacher
93bac5f122 winbindd_pam: add NT4 DC handling into winbind_samlogon_retry_loop()
Handle the case where a NT4 DC does not fill in the acct_flags in
the samlogon reply info3. Yes, in 2021, there are still admins
arround with real NT4 DCs.

NT4 DCs reject authentication with workstation accounts with
NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, even if
MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT is specified.

We no longer call dcerpc_samr_QueryUserInfo(level=16)
to get the acct_flags, as we only ever got
ACB_NORMAL back (maybe with ACB_PWNOEXP in addition),
which is easy to calculate on our own.
This was removed in commit (for 4.15.0rc1):

  commit 73528f26ee
  Author:     Ralph Boehme <slow@samba.org>
  AuthorDate: Mon Jan 11 14:59:46 2021 +0100
  Commit:     Jeremy Allison <jra@samba.org>
  CommitDate: Thu Jan 21 22:56:20 2021 +0000

      winbind: remove legacy flags fallback

      Some very old NT4 DCs might have not returned the account flags filled in. This
      shouldn't be a problem anymore. Additionally, on a typical domain member server,
      this request is (and can only be) send to the primary domain, so this will not
      work with accounts from trusted domains.

      Signed-off-by: Ralph Boehme <slow@samba.org>
      Reviewed-by: Jeremy Allison <jra@samba.org>

      Autobuild-User(master): Jeremy Allison <jra@samba.org>
      Autobuild-Date(master): Thu Jan 21 22:56:20 UTC 2021 on sn-devel-184

It means one more caller of the problematic cm_connect_sam()
function is removed! SAMR connections may not be allowed for
machine accounts with modern AD DCs.

For network logons NT4 DCs also skip the
account_name, so we have to fallback to the
one given by the client. We have code to cope
with that deeply hidden inside of netsamlogon_cache_store().

Up to Samba 4.7 netsamlogon_cache_store() operated on the
info3 structure that was passed to the caller of winbind_dual_SamLogon()
and pass propagated up to auth_winbind in smbd.

But for Samba 4.8 the following commit:

  commit f153c95176
  Author: Ralph Boehme <slow@samba.org>
  Date:   Mon Dec 11 16:25:35 2017 +0100

      winbindd: let winbind_dual_SamLogon return validation

      Signed-off-by: Ralph Boehme <slow@samba.org>
      Reviewed-by: Stefan Metzmacher <metze@samba.org>

actually changed the situation and only a temporary info3 structure
was passed into netsamlogon_cache_store(), which means
account_name was NULL and get propagated as "" into auth_winbind
in smbd, where getpwnam() is no longer possible and every
smb access gets NT_STATUS_LOGON_FAILURE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14772

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug  3 11:10:27 UTC 2021 on sn-devel-184
2021-08-03 11:10:27 +00:00
Andreas Schneider
23e5b7cc79 s4:torture: Add rpc netlogon fips test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug  3 10:18:26 UTC 2021 on sn-devel-184
2021-08-03 10:18:26 +00:00
Andreas Schneider
f1df0c4d0a s4:torture: Remove trailing whitespaces in rpc.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-08-03 09:28:39 +00:00
Andreas Schneider
fd5b315805 s4:selftest: Pass environ to plansmbtorture4testsuite()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-08-03 09:28:38 +00:00